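<!DOCTYPE html>
<!-- lang declared on the root element: the page text is Simplified Chinese (title, menu, post body), and without it
     screen readers and hyphenation/translation tooling have to guess the language -->
<html lang="zh-CN">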
<head>
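  <meta charset="utf-8">

  <title>闲言碎语 | o0xmuhe&#39;s blog</title>
  <!-- maximum-scale=1 dropped: it disabled pinch-zoom on mobile (WCAG 1.4.4) and buys nothing for layout -->
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <meta name="description" content=":)">
  <meta name="keywords" content="life">
  <meta property="og:type" content="article">
  <meta property="og:title" content="闲言碎语">
  <meta property="og:url" content="http:&#x2F;&#x2F;o0xmuhe.me&#x2F;2017&#x2F;01&#x2F;28&#x2F;%E9%97%B2%E8%A8%80%E7%A2%8E%E8%AF%AD&#x2F;index.html">
  <meta property="og:site_name" content="o0xmuhe&#39;s blog">
  <meta property="og:description" content=":)">
  <meta property="og:locale" content="default">
  <meta property="og:updated_time" content="2019-11-17T08:44:01.424Z">
  <meta name="twitter:card" content="summary">

  <!-- Feed discovery: the registered link type is "alternate"; "alternative" is not a link relation and feed
       readers do not auto-detect it -->
  <link rel="alternate" href="/atom.xml" title="o0xmuhe&#39;s blog" type="application/atom+xml">

  <link rel="icon" href="/img/favicon.png">

  <!-- Third-party stylesheet. Explicit https: origin instead of a protocol-relative URL (which inherits the page
       scheme; the og:url above is http:). It is fetched without Subresource Integrity, so a compromised or
       swapped CDN file would be applied as-is: add integrity="sha384-<hash of this exact file>"
       crossorigin="anonymous" once the hash is computed, or self-host the file next to /css/style.css. -->
  <link rel="stylesheet" href="https://cdn.bootcss.com/animate.css/3.5.0/animate.min.css">

  <link rel="stylesheet" href="/css/style.css">
  <link rel="stylesheet" href="/font-awesome/css/font-awesome.min.css">
  <link rel="apple-touch-icon" href="/apple-touch-icon.png">

  <link rel="stylesheet" href="/fancybox/jquery.fancybox.css">

  <!-- Page-load progress bar (pace.js). Kept synchronous and ahead of the theme config, as in the original;
       the theme stylesheet for it follows (void element, so no trailing slash) -->
  <script src="/js/pace.js"></script>
  <link rel="stylesheet" href="/css/pace/pace-theme-flash.css">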
  <script>
      // Runtime configuration for the yilia theme. The object is consumed by the theme's own scripts
      // (loaded elsewhere, not in this file); nothing on this page reads it directly.
      var yiliaConfig = {
          rootUrl: "/",         // site root; presumably used to resolve theme asset URLs -- confirm in theme JS
          fancybox: true,       // lightbox enabled (its stylesheet is linked in <head>)
          animate: true,        // entrance animations enabled (animate.css is linked in <head>)
          isHome: false,        // page-type flags: this page is a single post,
          isPost: true,         // matching og:type="article" in <head>
          isArchive: false,
          isTag: false,
          isCategory: false,
          open_in_new: false    // presumably "open post links in a new tab" -- confirm in theme JS
      };
  </script>
</head>
<body>
  <div id="container">
    <div class="left-col">
    <div class="overlay"></div>
<div class="intrude-less">
    <header id="header" class="inner">
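        <!-- Avatar link to the site root. lazy-src is a theme-specific attribute (there is no src); the theme JS,
             which is not in this file, is presumably what turns it into a real src. alt added so the link has an
             accessible name; width/height are unknown here, so none are set. -->
        <a href="/" class="profilepic">
            <img lazy-src="/img/head.jpg" class="js-avatar" alt="muhe">
        </a>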

        <!-- Author name as the sidebar heading. The mobile header below repeats this <h1>, so the page carries
             several h1 elements (plus the post title); the theme markup is kept as-is here -->
        <hgroup>
          <h1 class="header-author"><a href="/" title="Hi Mate">muhe</a></h1>
        </hgroup>

        
        <!-- Tagline; rendered as plain text, the "$pc" is not interpolated -->
        <p class="header-subtitle">control $pc, control the world</p>
        
        
        
            <!-- Sidebar tab switcher. The icons are pure CSS shapes inside <div>s tagged with data-idx (0..3); the
                 tips list names the tab each index opens. Click handling and the data-idx -> .switch-part mapping
                 live in the theme JS, not in this file.
                 NOTE(review): nothing in this widget is focusable or has a role, so the tabs are unreachable by
                 keyboard unless the theme adds tabindex/role at runtime -- confirm before relying on it. -->
            <div id="switch-btn" class="switch-btn">
                <div class="icon">
                    <div class="icon-ctn">
                        <div class="icon-wrap icon-house" data-idx="0">
                            <div class="birdhouse"></div>
                            <div class="birdhouse_holes"></div>
                        </div>
                        <div class="icon-wrap icon-ribbon hide" data-idx="1">
                            <div class="ribbon"></div>
                        </div>
                        
                        <div class="icon-wrap icon-link hide" data-idx="2">
                            <div class="loopback_l"></div>
                            <div class="loopback_r"></div>
                        </div>
                        
                        
                        <div class="icon-wrap icon-me hide" data-idx="3">
                            <div class="user"></div>
                            <div class="shoulder"></div>
                        </div>
                        
                    </div>
                    
                </div>
                <!-- Tooltip labels, in tab order: menu, tags, links, about -->
                <div class="tips-box hide">
                    <div class="tips-arrow"></div>
                    <ul class="tips-inner">
                        <li>菜单</li>
                        <li>标签</li>
                        
                        <li>友情链接</li>
                        
                        
                        <li>关于我</li>
                        
                    </ul>
                </div>
            </div>
        

        <div id="switch-area" class="switch-area">
            <div class="switch-wrap">
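                <!-- Tab 0: site menu plus social profiles -->
                <section class="switch-part switch-part1">
                    <nav class="header-menu">
                        <ul>
                            <li><a href="/">博客首页</a></li>
                            <li><a href="/archives">所有文章</a></li>
                            <li><a href="/frinds">友情链接</a></li>
                            <li><a href="/about">关于我</a></li>
                            <li><a href="/Pwnable-Log">Pwnable</a></li>
                        </ul>
                    </nav>
                    <!-- External profiles open in a new tab. rel="noopener noreferrer" keeps the opened page from
                         reaching this one through window.opener (reverse tabnabbing) and withholds the referrer;
                         it is set on the same-origin feed link too so the four links stay uniform.
                         NOTE(review): the <ul> has <a> children instead of <li>, which is invalid HTML. Wrapping
                         each link in <li> is the fix; left for a follow-up because the ".fl" float styling lives
                         in the theme CSS and needs checking first. -->
                    <nav class="header-nav">
                        <ul class="social">
                            <a class="fl github" target="_blank" rel="noopener noreferrer" href="https://github.com/o0xmuhe" title="github">github</a>
                            <a class="fl weibo" target="_blank" rel="noopener noreferrer" href="http://weibo.com/2070174943/" title="weibo">weibo</a>
                            <a class="fl twitter" target="_blank" rel="noopener noreferrer" href="https://twitter.com/0xmuhe" title="twitter">twitter</a>
                            <a class="fl rss" target="_blank" rel="noopener noreferrer" href="/atom.xml" title="rss">rss</a>
                        </ul>
                    </nav>
                </section>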
                
                
                <!-- Tab 1: tag cloud generated at build time. Each link carries its font-size as an inline style
                     attribute, so a Content-Security-Policy for this page would need style-src 'unsafe-inline'
                     (or the sizes moved to classes) before it could be tightened -->
                <section class="switch-part switch-part2">
                    <div class="widget tagcloud" id="js-tagcloud">
                        <a href="/tags/1day/" style="font-size: 10px;">1day</a> <a href="/tags/Adobe/" style="font-size: 11.43px;">Adobe</a> <a href="/tags/Adobe-Acrobat-Reader/" style="font-size: 10px;">Adobe Acrobat Reader</a> <a href="/tags/Adobe-Reader/" style="font-size: 11.43px;">Adobe Reader</a> <a href="/tags/Antlr/" style="font-size: 10px;">Antlr</a> <a href="/tags/Apple/" style="font-size: 10px;">Apple</a> <a href="/tags/Bindiff/" style="font-size: 10px;">Bindiff</a> <a href="/tags/C/" style="font-size: 11.43px;">C</a> <a href="/tags/CTF/" style="font-size: 10px;">CTF</a> <a href="/tags/CTF-Writeup/" style="font-size: 10px;">CTF Writeup</a> <a href="/tags/CVE/" style="font-size: 10px;">CVE</a> <a href="/tags/Compilers/" style="font-size: 10px;">Compilers</a> <a href="/tags/ESXi/" style="font-size: 10px;">ESXi</a> <a href="/tags/Frida/" style="font-size: 10px;">Frida</a> <a href="/tags/IDA/" style="font-size: 12.86px;">IDA</a> <a href="/tags/IPC/" style="font-size: 11.43px;">IPC</a> <a href="/tags/LLVM/" style="font-size: 10px;">LLVM</a> <a href="/tags/Linux/" style="font-size: 12.86px;">Linux</a> <a href="/tags/MacOS/" style="font-size: 11.43px;">MacOS</a> <a href="/tags/Mach/" style="font-size: 10px;">Mach</a> <a href="/tags/PANDA/" style="font-size: 10px;">PANDA</a> <a href="/tags/PoC/" style="font-size: 11.43px;">PoC</a> <a href="/tags/Python/" style="font-size: 10px;">Python</a> <a href="/tags/RE/" style="font-size: 10px;">RE</a> <a href="/tags/Snell/" style="font-size: 10px;">Snell</a> <a href="/tags/Study/" style="font-size: 15.71px;">Study</a> <a href="/tags/Surge/" style="font-size: 10px;">Surge</a> <a href="/tags/Symbolic-Execution/" style="font-size: 10px;">Symbolic Execution</a> <a href="/tags/Tools/" style="font-size: 11.43px;">Tools</a> <a href="/tags/UaF/" style="font-size: 10px;">UaF</a> <a href="/tags/Webkit/" style="font-size: 10px;">Webkit</a> <a href="/tags/android/" style="font-size: 10px;">android</a> <a href="/tags/angr/" 
style="font-size: 11.43px;">angr</a> <a href="/tags/compiler/" style="font-size: 10px;">compiler</a> <a href="/tags/ctf/" style="font-size: 18.57px;">ctf</a> <a href="/tags/ctf-writeup/" style="font-size: 20px;">ctf writeup</a> <a href="/tags/debug/" style="font-size: 10px;">debug</a> <a href="/tags/env-config/" style="font-size: 10px;">env config</a> <a href="/tags/exploit/" style="font-size: 15.71px;">exploit</a> <a href="/tags/frida/" style="font-size: 10px;">frida</a> <a href="/tags/fuzz/" style="font-size: 14.29px;">fuzz</a> <a href="/tags/gdb/" style="font-size: 10px;">gdb</a> <a href="/tags/glibc%E5%86%85%E5%AD%98%E7%AE%A1%E7%90%86/" style="font-size: 10px;">glibc内存管理</a> <a href="/tags/life/" style="font-size: 11.43px;">life</a> <a href="/tags/linux/" style="font-size: 10px;">linux</a> <a href="/tags/linux-kernel/" style="font-size: 12.86px;">linux kernel</a> <a href="/tags/macOS/" style="font-size: 17.14px;">macOS</a> <a href="/tags/mips/" style="font-size: 10px;">mips</a> <a href="/tags/paper/" style="font-size: 10px;">paper</a> <a href="/tags/peach/" style="font-size: 10px;">peach</a> <a href="/tags/pwn/" style="font-size: 15.71px;">pwn</a> <a href="/tags/python/" style="font-size: 10px;">python</a> <a href="/tags/ret-2-dl-resolve/" style="font-size: 10px;">ret 2 dl-resolve</a> <a href="/tags/study/" style="font-size: 12.86px;">study</a> <a href="/tags/tools/" style="font-size: 10px;">tools</a> <a href="/tags/uaf/" style="font-size: 10px;">uaf</a> <a href="/tags/unicorn-engine/" style="font-size: 10px;">unicorn engine</a> <a href="/tags/vuln-analysis/" style="font-size: 10px;">vuln analysis</a> <a href="/tags/wargame/" style="font-size: 11.43px;">wargame</a> <a href="/tags/webkit/" style="font-size: 12.86px;">webkit</a> <a href="/tags/winafl/" style="font-size: 10px;">winafl</a> <a href="/tags/windows-kernel/" style="font-size: 12.86px;">windows kernel</a> <a href="/tags/writeup/" style="font-size: 10px;">writeup</a> <a href="/tags/%E5%85%B6%E4%BB%96/" 
style="font-size: 10px;">其他</a> <a href="/tags/%E5%B7%A5%E5%85%B7/" style="font-size: 10px;">工具</a> <a href="/tags/%E6%84%9F%E6%82%9F/" style="font-size: 10px;">感悟</a> <a href="/tags/%E6%84%9F%E6%83%B3/" style="font-size: 10px;">感想</a> <a href="/tags/%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/" style="font-size: 15.71px;">漏洞分析</a> <a href="/tags/%E7%8E%AF%E5%A2%83%E9%85%8D%E7%BD%AE/" style="font-size: 11.43px;">环境配置</a> <a href="/tags/%E7%BC%96%E8%AF%91%E5%8E%9F%E7%90%86/" style="font-size: 11.43px;">编译原理</a>
                    </div>
                </section>
                
                
                
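                <!-- Tab 2: blogroll. Every entry opens a third-party site in a new tab, so each link gets
                     rel="noopener noreferrer": the opened page can then neither reach this tab via window.opener
                     (reverse tabnabbing) nor learn which post linked it. The link order and hrefs are the
                     author's, unchanged, except for the stray leading tab in the Mosuan href.
                     NOTE(review): the last three hrefs ("/idoge.cc", "/stone.moe", "/pi4net.com") are site-relative
                     and resolve to paths on this blog rather than to those domains; they look like a missing
                     scheme, but the intended scheme is not recoverable here -- confirm with the author. -->
                <section class="switch-part switch-part3">
                    <div id="js-friends">
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="http://syclover.sinaapp.com/">Syclover Team</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="https://weibo.com/u/5376172367">最爱的高老师</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="http://www.Ox9A82.com">0x9A82学弟</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="http://k1n9.me/">K1n9师傅</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="http://www.cnblogs.com/iamstudy">L3mon</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="http://www.xianyusec.com">咸鱼</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="http://rootclay.com">rootclay</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="http://v1ct0r.com/">V1ct0r</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="http://godot.win">Godot学弟</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="http://hebic.me/">Homaebic学弟</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="https://iqwq.me">两米的sco4x0</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="https://zmy.im/">JimmyZhou</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="http://silic.top/">灭亡叔叔</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="https://dwx.io">Jason</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="http://www.0aa.me/">Mosuan</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="http://whereisk0shl.top">k0sh1</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="http://winter3un.github.io">WinterSun</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="http://venenof.com">Venenof</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="http://r0p.me/">Icemakr</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="http://bestwing.me/">Swing</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="https://www.hackfun.org/">4ido10n</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="http://www.hackersb.cn/">王松_Striker</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="http://www.cnblogs.com/7top/">7top</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="http://www.bendawang.site">bendawang</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="http://yixuankeer.win">前端joker大佬</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="http://blog.lc4t.me">lc4t</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="http://www.inksec.cn/">Szrzvdny</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="http://sixwha1e.github.io/">漂亮的sixwhale小姐姐</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="http://ctfrank.org">CTF Rank</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="http://askook.me/">A酱</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="/idoge.cc">重庆五套房的小葱</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="/stone.moe">石头</a>
                      <a target="_blank" rel="noopener noreferrer" class="main-nav-link switch-friends-link" href="/pi4net.com">邢老师最优秀</a>
                    </div>
                </section>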
                

                
                
                <section class="switch-part switch-part4">
                <!-- Tab 3: one-line bio; static text, nothing is interpolated here -->
                    <div id="js-aboutme">二进制安全. Member of Syclover. CTFer/INTJ.</div>
                </section>
                
            </div>
        </div>
    </header>                
</div>
    </div>
    <div class="mid-col">
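      <!-- Mobile header: a condensed copy of the desktop sidebar (avatar, name, menu, social links).
           NOTE(review): the inner <header id="header"> reuses the id of the desktop sidebar header above, so the
           id is not document-unique; getElementById and #header fragments resolve to the first one only. Rename
           one of them once the theme's #header CSS/JS selectors have been checked. -->
      <nav id="mobile-nav">
        <div class="overlay">
          <div class="slider-trigger"></div>
          <h1 class="header-author js-mobile-header hide"><a href="/" title="Me">muhe</a></h1>
        </div>
        <div class="intrude-less">
          <header id="header" class="inner">
            <!-- lazy-src is theme-specific (no src); alt added so the avatar link has an accessible name -->
            <a href="/" class="profilepic">
              <img lazy-src="/img/head.jpg" class="js-avatar" alt="muhe">
            </a>
            <hgroup>
              <h1 class="header-author"><a href="/" title="Me">muhe</a></h1>
            </hgroup>
            <p class="header-subtitle">control $pc, control the world</p>
            <nav class="header-menu">
              <ul>
                <li><a href="/">博客首页</a></li>
                <li><a href="/archives">所有文章</a></li>
                <li><a href="/frinds">友情链接</a></li>
                <li><a href="/about">关于我</a></li>
                <li><a href="/Pwnable-Log">Pwnable</a></li>
                <!-- NOTE(review): a <div> is not a valid child of <ul>; if the float clear is still needed, move it
                     after </ul> or apply the class to the last <li>. Left in place pending a CSS check. -->
                <div class="clearfix"></div>
              </ul>
            </nav>
            <!-- External profiles open in a new tab; rel="noopener noreferrer" blocks window.opener access from
                 the opened page (reverse tabnabbing) and withholds the referrer -->
            <nav class="header-nav">
              <div class="social">
                <a class="github" target="_blank" rel="noopener noreferrer" href="https://github.com/o0xmuhe" title="github">github</a>
                <a class="weibo" target="_blank" rel="noopener noreferrer" href="http://weibo.com/2070174943/" title="weibo">weibo</a>
                <a class="twitter" target="_blank" rel="noopener noreferrer" href="https://twitter.com/0xmuhe" title="twitter">twitter</a>
                <a class="rss" target="_blank" rel="noopener noreferrer" href="/atom.xml" title="rss">rss</a>
              </div>
            </nav>
          </header>
        </div>
      </nav>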
      <div class="body-wrap"><article id="post-闲言碎语" class="article article-type-post" itemscope itemprop="blogPost">
  
    <!-- Publication date linking to the post's canonical path. datetime is UTC (trailing Z) while the visible
         text is the calendar date only; the copyright block further down prints the same instant in local time -->
    <div class="article-meta">
      <a href="/2017/01/28/%E9%97%B2%E8%A8%80%E7%A2%8E%E8%AF%AD/" class="article-date">
      <time datetime="2017-01-28T15:03:15.000Z" itemprop="datePublished">2017-01-28</time>
</a>
    </div>
  
  <div class="article-inner">
    
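      <!-- Marker element, presumably read by the theme JS through the .isFancy class (fancybox is enabled in
           yiliaConfig) -- confirm in theme JS. It has no name and is outside any <form>, so it is never
           submitted; written without the trailing slash, which is meaningless on void elements. -->
      <input type="hidden" class="isFancy">

      <!-- Post title (microdata name). The sidebar and mobile headers also use <h1>, so this is not the page's
           only top-level heading -->
      <header class="article-header">
        <h1 class="article-title" itemprop="name">
          闲言碎语
        </h1>
      </header>

      <!-- Post tags (microdata keywords); this post carries a single tag -->
      <div class="article-info article-info-post">
        <div class="article-tag tagcloud">
            <ul class="article-tag-list" itemprop="keywords"><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/life/" rel="tag">life</a></li></ul>
        </div>

        <div class="clearfix"></div>
      </div>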
      
    
    <div class="article-entry" itemprop="articleBody">
      
          
        <pre><code>:)</code></pre><a id="more"></a>

<h4 id="2017-01-28"><a href="#2017-01-28" class="headerlink" title="2017-01-28"></a>2017-01-28</h4><p>大年初一还在写代码，把以前挖的坑填起来，一直想做的自动化的框架终于有点样子了，先做的能跑起来，然后再做一些优化工作吧。想着是像<code>msf</code>那样的，几个功能分成几个模块去做，模块之间独立，然后<code>payload</code>那些可以随意调用；今天只把<code>exploit</code>部分写了个开头，感觉总想推翻重写…这是病，先做完了再说重构的事情好了 QAQ 。</p>
<p>前几天入坑了<code>Windows Kernel Exploit</code>相关，看到了关于内核内存分配相关的资料的时候，感觉好熟悉，一下想起了之前看到<code>linux glibc</code>堆管理相关的资料了。有种很熟悉的感觉吧，怎么说呢，感觉再看到<code>windows kernel</code>内存管理部分的时候就很容易可以理解这些结构是怎么工作的，上手还是快，不过还是想写写代码调试看看，毕竟<code>纸上得来终觉浅</code>。</p>
<p>说到填坑，感觉好多啊，之前<code>Android Sec</code>相关；<code>LLVM</code>的研究也是处在挂起状态，之前是结合着代码混淆技术去学习的，自己写写pass之类的，还有就是看看<code>OLLVM</code>这个项目；<code>符号执行</code>技术的学习算是迈入正轨吧，<code>Paper</code>也很多。还有就是<code>YouTube</code>上好多不错的这些相关的视频啊 2333333</p>
<p>慢慢来吧，感觉都很有意思，而且越往后研究越有意思呀~</p>
<h4 id="2017-01-29"><a href="#2017-01-29" class="headerlink" title="2017-01-29"></a>2017-01-29</h4><p>框架<code>exploit</code>部分完成啦 -。- 哦豁<br>看<code>Android</code>相关，看到<code>Dalvik</code>虚拟机部分的时候，看到了关于<code>Zygote</code>，就是虚拟机实例孵化器…然而这个单词的意思也是很有趣啊 啊哈哈哈哈哈哈哈，形象生动 233333333333333</p>
<h4 id="2017-01-30"><a href="#2017-01-30" class="headerlink" title="2017-01-30"></a>2017-01-30</h4><p>纠结到底开不开源一些东西 :(</p>
<h4 id="2017-02-04"><a href="#2017-02-04" class="headerlink" title="2017-02-04"></a>2017-02-04</h4><p>浪完了回来开工了 23333<br>想明白了一些事，精力有限，贪多嚼不烂；其次就是关于重视基本功，一味地追求上层建筑是没有意义的，早晚要崩塌。那学习技术来说，想做的很多，但是你能够做好其中一两件已经很不错了，还有就是操作系统这个东西…不去把那些lab刷了感觉还是白学，知行合一吧算是。</p>
<h4 id="2017-02-07"><a href="#2017-02-07" class="headerlink" title="2017-02-07"></a>2017-02-07</h4><p>mdzz啊…编译linux内核然后升级个linux，然后虚拟机就炸了硬盘没挂上…bug<br>尝试一下添加系统调用、驱动的方式来体验一下<code>linux kernel exploit</code> 23333333333</p>
<h4 id="2017-02-11"><a href="#2017-02-11" class="headerlink" title="2017-02-11"></a>2017-02-11</h4><p>把自己的PwnableLog这个repo整合进了一些收集的不错的脚本，稍作改动就可以玩了。啊 winafl对于GUI程序真是尴尬，发送窗口关闭消息或者循环进程检测并杀进程的思路效果都不理想…看来只有二次插桩可以用。</p>
<h4 id="2017-02-17"><a href="#2017-02-17" class="headerlink" title="2017-02-17"></a>2017-02-17</h4><p>框架防御模块基本做起来了…想着先出成品再修bug/优化工作。当初瞎立flag，巧了又有点拖延症，哦豁，have fun咯。</p>
<h4 id="2017-02-28"><a href="#2017-02-28" class="headerlink" title="2017-02-28"></a>2017-02-28</h4><p>挺尴尬很多东西以前没做详细的记录，只有零碎的记录和脚本…总结起来就很蛋疼。<br>最近还是挺开心啊，有了铠甲也有了软肋，感觉多了一个努力的理由咯。</p>
<h4 id="2017-03-01"><a href="#2017-03-01" class="headerlink" title="2017-03-01"></a>2017-03-01</h4><p>一个有情怀的二进制狗。</p>
<h4 id="2017-03-06"><a href="#2017-03-06" class="headerlink" title="2017-03-06"></a>2017-03-06</h4><p>这是假的，那是假的，好像没什么真的了。</p>
<h4 id="2017-03-10"><a href="#2017-03-10" class="headerlink" title="2017-03-10"></a>2017-03-10</h4><p>最近开始看linux kernel相关，底层真的太有趣了~<br>linus insides这个gitbook不错，从boot开始讲，结合着看就很不错，再对应着源码，很爽。</p>
<h4 id="2017-03-13"><a href="#2017-03-13" class="headerlink" title="2017-03-13"></a>2017-03-13</h4><p>肝了两天NJCTF…还是感觉太菜了 QAQ 低分题目做的慢 高分玩不动…<br>挺可惜的reverse400，符号执行脚本都写好了，跑了几次，posixdump的是空值，怕是脚本又写的有问题，路径找到了，就是dump不对，尴尬。<br>pwnable，简单的一些细节处理的不好，很伤，平时的积累啊，多收集libc，多动手搞事情 23333<br>SROP开眼了，又是论文pwn，害怕…不过joker那个exp真的太黑客了，思路666<br>好好学习把~ 比赛真的挺有意思的 XD</p>
<h4 id="2017-03-22"><a href="#2017-03-22" class="headerlink" title="2017-03-22"></a>2017-03-22</h4><p>面试这几次，倍感所学知识面的狭窄，了解的很有限，而且以前掌握的一些东西没有再去看就很容易忘记一些细节(还好还有笔记…)<br>感觉一直在被问移动安全…学习学习。<br>经历一些比赛之后，感觉还有很多漏洞利用的trick…调试的trick，比如获取gs:0x10的值，都有待积累。</p>
<h4 id="2017-03-23"><a href="#2017-03-23" class="headerlink" title="2017-03-23"></a>2017-03-23</h4><p>好多不顺利- -。<br>想要的很简单，可是得到却那么难。</p>
<h4 id="2017-03-27"><a href="#2017-03-27" class="headerlink" title="2017-03-27"></a>2017-03-27</h4><p>重头再来，一切还要继续，我不还是要接着看书学习写代码么。</p>
<h4 id="2017-03-29"><a href="#2017-03-29" class="headerlink" title="2017-03-29"></a>2017-03-29</h4><p>调试分析CVE-2017-7269,发现用capstone还原shellcode挺好用的…虽然还原出来的sc并不好懂…可能是姿势有问题?汇编指令用的很奇怪…还有就是快速定位漏洞点，我想打个CC然后just in time debugger进去栈回溯看，但是效果不理想，啊啊啊 测试别的方法好了。</p>
<h4 id="2017-04-01"><a href="#2017-04-01" class="headerlink" title="2017-04-01"></a>2017-04-01</h4><p>将生活带给你的柠檬版的酸楚，酿成犹如柠檬汽水般的甘甜。<br>已经如此了，再坏也坏不到哪里去了。<br>没有什么后路，也就无所畏惧，大步向前。</p>
<h4 id="2017-05-05"><a href="#2017-05-05" class="headerlink" title="2017-05-05"></a>2017-05-05</h4><p>有时候需要反思一下自己的讲话的方式。可能是这几年接触的最多的是技术相关的朋友，圈子很小，所以大家交流的方式都是那么直接，也很直白，比如说到xxx，就会直接讲，xxx很简单的，你只要看了xxxxx就可以搞定xxxxx然后最后就可以完成xxx。</p>
<p>其实你反思一下，在圈外人看来呢？可能很多人看来是：mdzz 我不懂这些，你还说的有劲。</p>
<p>还有就是方式把，不可能一直生活在这个小圈子，总要接触很多人，所以不要总是以技术宅的思维去交流做事，有时候挺伤人咯-。-  </p>
<p>别人为什么不问你问题，因为你总说：这个太简单了那个太简单了。</p>
<p>层次问题…有些问题在大佬看来很简单，在我看来就很困难…相互理解下就好了  233333</p>
<p>好好学习啦，多看书，修身养性，热爱生活。</p>
<h4 id="2017-05-23"><a href="#2017-05-23" class="headerlink" title="2017-05-23"></a>2017-05-23</h4><p>铁三西南赛区打的挺不错，开心。</p>
<p>近期开始学习编译原理，三大浪漫之一 23333</p>
<p>人无信不足以立，对于这两天发生的事情的感受吧，又不能发火，烦。</p>
<p>1adac很好用，爽，这钱花的值。</p>
<p>还有嘛…有些时候付出不一定要回报，况且有些事情是习惯了-。-</p>
<h4 id="2017-05-30"><a href="#2017-05-30" class="headerlink" title="2017-05-30"></a>2017-05-30</h4><p>孤独感。</p>
<h4 id="2017-06-29"><a href="#2017-06-29" class="headerlink" title="2017-06-29"></a>2017-06-29</h4><p>自说自话的**只不过是给别人平添烦恼罢了。</p>
<h4 id="2017-07-04"><a href="#2017-07-04" class="headerlink" title="2017-07-04"></a>2017-07-04</h4><p>断断续续看完了 CVE-2016-0728的分析，也搭建了环境分析。Linux kernel的UAF挺有意思。<br>还在写使用了NFA构造的词法分析器…cpp拙计 感觉c可以做，但是后期优化出DFA的时候就拙计了。</p>
<h4 id="2017-07-30"><a href="#2017-07-30" class="headerlink" title="2017-07-30"></a>2017-07-30</h4><p>实习。忙着工作的事，挺开心的，做喜欢的事，虽然感觉挺难的，不过有挑战性才更有意思。<br>blog感觉很久不会再去更新了 2333333</p>
<p>昨晚和朋友聊天，被说：比起喜欢，我觉得你更需要人陪。</p>
<p>假的假的。</p>
<h4 id="2017-08-20"><a href="#2017-08-20" class="headerlink" title="2017-08-20"></a>2017-08-20</h4><p>遇到两个不能复现的crash了，很心累。<br>准备重写fuzz框架重新搞事了。</p>
<h4 id="2017-08-24"><a href="#2017-08-24" class="headerlink" title="2017-08-24"></a>2017-08-24</h4><p>解决了之前的bug，又遇到了新的…</p>
<h4 id="2017-09-26"><a href="#2017-09-26" class="headerlink" title="2017-09-26"></a>2017-09-26</h4><p>再接再厉</p>
<h4 id="2017-10-27"><a href="#2017-10-27" class="headerlink" title="2017-10-27"></a>2017-10-27</h4><p>愿此间 山有木兮卿有意<br>昨夜星辰恰似你</p>
<h4 id="2017-12-30"><a href="#2017-12-30" class="headerlink" title="2017-12-30"></a>2017-12-30</h4><p>2017就快过完了，我还在搞着adobe reader。花式空指针，fuzzer还在完善，各种各样的问题，觉得难又觉得不难。<br>思路都很好玩，只是自身能力有限，啃不动。需要时间去积累。</p>
<p>而且就在昨天，发现自己之前漏掉了一个攻击点…简直血亏。 叹息…</p>
<h4 id="2018-2-14"><a href="#2018-2-14" class="headerlink" title="2018-2-14"></a>2018-2-14</h4><p>过不过节感觉没啥区别啊-。-<br>《自制编译器》真的是一本不可多得的好书。终于看到IR生成部分了，先把公开课关于中间代码生成的部分搞定了，再去看这本书这部分的内容，然后再去看它的代码。</p>
<p>有几天没去搞工作上的事了，只是看看paper和slide，感觉好咸鱼啊。 :(</p>
<p>最后，高老师节日快乐-。-</p>
<h4 id="2018-2-28"><a href="#2018-2-28" class="headerlink" title="2018-2-28"></a>2018-2-28</h4><p>快要去学校了。<br>工作有点进展了，还在看grinder源码，要改造，long way to go</p>
<p>编译原理学习中。</p>
<h4 id="2018-4-29"><a href="#2018-4-29" class="headerlink" title="2018-4-29"></a>2018-4-29</h4><p>真的想吐槽。<br>最近比赛什么玩意。</p>
<h4 id="2018-6-9"><a href="#2018-6-9" class="headerlink" title="2018-6-9"></a>2018-6-9</h4><p>阅读paper，阅读源码，学习别人的思路。<br>好好看书，想拿antlr4搞大事。</p>
<h4 id="2018-8-13"><a href="#2018-8-13" class="headerlink" title="2018-8-13"></a>2018-8-13</h4><p>本来工作的第一个月开开心心，学东西也看心，爽的一批。<br>但是八月份飞扬一开始，就TM负能量爆棚。 辣鸡飞扬，劝退系列，洗脑特么失败了。<br>看看某司、某司、某司…哪家像你们这么搞人？<br>耽误正常工作好吧，浪费时间好吧。</p>
<h4 id="2018-11-10"><a href="#2018-11-10" class="headerlink" title="2018-11-10"></a>2018-11-10</h4><p>关于code coverage，对格式类fuzz很有意义，但是语法、脚本引擎这种靠逻辑的东西，意义似乎没那么大。<br>工作的蛮开心，压力动力并存，希望自己能扛过去，完成蜕变。</p>
<h4 id="2018-11-26"><a href="#2018-11-26" class="headerlink" title="2018-11-26"></a>2018-11-26</h4><p>天府杯结束，继续努力。<br>给自己开了两个大坑，一个是关于文件格式，一个关于代码生成，随便一个都要做好久…更别提还有很多漏洞需要分析，短期内应该不会提交漏洞了。</p>
<h4 id="2018-12-2"><a href="#2018-12-2" class="headerlink" title="2018-12-2"></a>2018-12-2</h4><p>调了一天洞，感觉猜想是正确的，但是调试下来就不对…真奇怪啊。<br>又要从零开始疯狂搞挖掘了… 希望有点产出</p>
<h4 id="2018-12-6"><a href="#2018-12-6" class="headerlink" title="2018-12-6"></a>2018-12-6</h4><p>每次和男哥聊，都感叹他思考问题的高度和角度，感觉自己思考问题很局限性，而且只看到眼前，没有做更多的、更长远的考虑:(<br>too young啊还是</p>
<h4 id="2018-12-21"><a href="#2018-12-21" class="headerlink" title="2018-12-21"></a>2018-12-21</h4><p>又病倒了，嗓子发炎了，喝水喝了好多… ddl在逼近，一定要抗住压力前进。</p>
<p>非工作时间的小计划也在一点点进行，看书学习什么的，加油。</p>
<p>努力程度真的还没到拼天赋那一步吧。</p>
<h4 id="2018-12-25"><a href="#2018-12-25" class="headerlink" title="2018-12-25"></a>2018-12-25</h4><p>圣诞节快乐，这几天的病终于好转了一点点，想起周六在医院挂不上号、急诊等不到的场景，<br>那一刻真的很想逃离北京。<br>好消息是，因为生病，好像只睡了六小时也没什么问题，多的时间拿来看书了…<br>逆向上终于有更好的进展了，我感觉有0day在等我了，加油。</p>
<h4 id="2018-12-28"><a href="#2018-12-28" class="headerlink" title="2018-12-28"></a>2018-12-28</h4><ol>
<li>github开了个仓库，放自己挖到的洞poc以及一些收集到的poc，可能会跟上分析。</li>
<li>感叹，可能reader的代码真的太老了吧。。</li>
<li>遇到了奇葩的内存断点断不下来的情况，还没法解决。。心累</li>
</ol>
<h4 id="2018-12-31"><a href="#2018-12-31" class="headerlink" title="2018-12-31"></a>2018-12-31</h4><p>普通的一天，把自己的mbp擦的干干净净，新年新气象了。</p>
<p>新的一年，希望：</p>
<ol>
<li>挖到更多的洞，RCE；</li>
<li>自己的非工作时间的Rock Lee计划顺利执行，并且能有成效；</li>
<li>学到更多东西，在非舒适区成长。</li>
</ol>
<h4 id="2019-2-1"><a href="#2019-2-1" class="headerlink" title="2019-2-1"></a>2019-2-1</h4><p>要回家了。</p>
<p>刚开始半年工作干的还不错，也有很多收获。</p>
<p>工作压力大，但是动力更大；最近搞定了一些问题，新的思路也得以实践，一切都不错。。</p>
<p>不过还有很多事没做啊，新fuzz框架的规范化，平台编写，与之相关的一些东西还没写完呢。。</p>
<p>继续加油，争取出更多的0day吧  :)</p>
<h4 id="2019-2-3"><a href="#2019-2-3" class="headerlink" title="2019-2-3"></a>2019-2-3</h4><p>fuzz跑的还算稳定，需要接入更多的东西，想办法搞的通用一点，现在还是需要太多人为干预了；</p>
<p>今天都二十九了，还是写了点代码，做了一个poc db，把收集到的文件，按照不同的格式，做好分类，</p>
<p>方便日后fuzz使用。 这样的话，还需要写爬虫了，爬很多的样本下来…</p>
<h4 id="2019-4-27"><a href="#2019-4-27" class="headerlink" title="2019-4-27"></a>2019-4-27</h4><p>再来一个信息泄漏就可以一套利用了，加油。</p>
<p>最近顺便把之前做的winafl通用模式fuzz封装起来，弄成类似libfuzzer的那种模式，提供函数，buffer，length，<br>就可以直接fuzz ：） 加油咯。</p>
<h4 id="2019-5-19"><a href="#2019-5-19" class="headerlink" title="2019-5-19"></a>2019-5-19</h4><p>调洞的样子真像cxk :( </p>
<p>大改了fuzzer，等一波输出了。</p>
<p>尝试新的挖洞思路中…</p>
<h4 id="2019-8-7"><a href="#2019-8-7" class="headerlink" title="2019-8-7"></a>2019-8-7</h4><p>差不多尝试了两个月，没什么有用的产出，现有的都很鸡肋。 </p>
<p>关键的问题：基本功。</p>
<h4 id="2019-11-17"><a href="#2019-11-17" class="headerlink" title="2019-11-17"></a>2019-11-17</h4><p><a href="https://gist.githubusercontent.com/knightsc/10810d5a0a51d6cdd79daeda99e66daa/raw/240ba8094f0505de0ef2c9af8477c6d25b5f62a3/build-xnu-4903.221.2.sh" target="_blank" rel="noopener">xnu_build.sh</a>真香</p>
<p>换了个路线了…</p>

      
    </div>
    
  </div>
  
    
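    <!-- Attribution footer: title, author, dates (local time), canonical URL with a copy-link control, licence -->
    <div class="copyright">
        <p><span>本文标题:</span><a href="/2017/01/28/%E9%97%B2%E8%A8%80%E7%A2%8E%E8%AF%AD/">闲言碎语</a></p>
        <p><span>文章作者:</span><a href="/" title="访问 muhe 的个人博客">muhe</a></p>
        <p><span>发布时间:</span>2017年01月28日 - 23时03分</p>
        <p><span>最后更新:</span>2019年11月17日 - 16时44分</p>
        <p>
            <span>原始链接:</span><a class="post-url" href="/2017/01/28/%E9%97%B2%E8%A8%80%E7%A2%8E%E8%AF%AD/" title="闲言碎语">http://o0xmuhe.me/2017/01/28/%E9%97%B2%E8%A8%80%E7%A2%8E%E8%AF%AD/</a>
            <!-- Copy-to-clipboard trigger: clipboard.js copies data-clipboard-text from the element matched by
                 '.copy-path' on click. NOTE(review): a <span> is neither focusable nor announced as a control;
                 a <button type="button" class="copy-path" ...> keeps the selector working and fixes that, but
                 needs the theme CSS checked first. -->
            <span class="copy-path" data-clipboard-text="原文: http://o0xmuhe.me/2017/01/28/%E9%97%B2%E8%A8%80%E7%A2%8E%E8%AF%AD/　　作者: muhe" title="点击复制文章链接"><i class="fa fa-clipboard"></i></span>
            <script src="/js/clipboard.min.js"></script>
            <!-- Inline initialiser: this one statement is what forces style/script CSP to allow 'unsafe-inline'
                 (or a nonce) for the page; moving it into the external script would remove that need -->
            <script> var clipboard = new Clipboard('.copy-path'); </script>
        </p>
        <p>
            <!-- The licence link had target="_blank" twice; browsers keep the first occurrence and drop the
                 repeat, but it is a validation error. rel="license noopener" is kept. -->
            <span>许可协议:</span><i class="fa fa-creative-commons"></i> <a rel="license noopener" href="http://creativecommons.org/licenses/by-nc-sa/3.0/cn/" target="_blank" title="中国大陆 (CC BY-NC-SA 3.0 CN)">"署名-非商用-相同方式共享 3.0"</a> 转载请保留原文链接及作者。
        </p>
    </div>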



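<!-- Newer/older post links. The arrow captions are text, so they are written as entities: a raw "<" inside
     element content is a tokenizer parse error that only renders through error recovery (">" is legal as text
     but escaped for symmetry). The arrows are hidden from assistive technology because each link's title already
     names the neighbouring post. -->
<nav id="article-nav">
    <a href="/2017/01/30/Linux%20socket%E8%BF%9B%E7%A8%8B%E9%97%B4%E9%80%9A%E4%BF%A1%E5%8F%8A%E5%BA%94%E7%94%A8/" id="article-nav-newer" class="article-nav-link-wrap">
      <strong class="article-nav-caption" aria-hidden="true">&lt;</strong>
      <div class="article-nav-title">
          Linux socket进程间通信及应用
      </div>
    </a>
    <a href="/2017/01/22/Have-fun-with-Blind-ROP/" id="article-nav-older" class="article-nav-link-wrap">
      <div class="article-nav-title">Have fun with Blind ROP</div>
      <strong class="article-nav-caption" aria-hidden="true">&gt;</strong>
    </a>
</nav>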

  
</article>

    <div id="toc" class="toc-article">
    <strong class="toc-title">文章目录</strong>
    <ol class="toc"><li class="toc-item toc-level-4"><a class="toc-link" href="#2017-01-28"><span class="toc-number">1.</span> <span class="toc-text">2017-01-28</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2017-01-29"><span class="toc-number">2.</span> <span class="toc-text">2017-01-29</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2017-01-30"><span class="toc-number">3.</span> <span class="toc-text">2017-01-30</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2017-02-04"><span class="toc-number">4.</span> <span class="toc-text">2017-02-04</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2017-02-07"><span class="toc-number">5.</span> <span class="toc-text">2017-02-07</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2017-02-11"><span class="toc-number">6.</span> <span class="toc-text">2017-02-11</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2017-02-17"><span class="toc-number">7.</span> <span class="toc-text">2017-02-17</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2017-02-28"><span class="toc-number">8.</span> <span class="toc-text">2017-02-28</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2017-03-01"><span class="toc-number">9.</span> <span class="toc-text">2017-03-01</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2017-03-06"><span class="toc-number">10.</span> <span class="toc-text">2017-03-06</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2017-03-10"><span class="toc-number">11.</span> <span class="toc-text">2017-03-10</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2017-03-13"><span class="toc-number">12.</span> <span class="toc-text">2017-03-13</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2017-03-22"><span 
class="toc-number">13.</span> <span class="toc-text">2017-03-22</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2017-03-23"><span class="toc-number">14.</span> <span class="toc-text">2017-03-23</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2017-03-27"><span class="toc-number">15.</span> <span class="toc-text">2017-03-27</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2017-03-29"><span class="toc-number">16.</span> <span class="toc-text">2017-03-29</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2017-04-01"><span class="toc-number">17.</span> <span class="toc-text">2017-04-01</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2017-05-05"><span class="toc-number">18.</span> <span class="toc-text">2017-05-05</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2017-05-23"><span class="toc-number">19.</span> <span class="toc-text">2017-05-23</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2017-05-30"><span class="toc-number">20.</span> <span class="toc-text">2017-05-30</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2017-06-29"><span class="toc-number">21.</span> <span class="toc-text">2017-06-29</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2017-07-04"><span class="toc-number">22.</span> <span class="toc-text">2017-07-04</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2017-07-30"><span class="toc-number">23.</span> <span class="toc-text">2017-07-30</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2017-08-20"><span class="toc-number">24.</span> <span class="toc-text">2017-08-20</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2017-08-24"><span class="toc-number">25.</span> <span class="toc-text">2017-08-24</span></a></li><li class="toc-item toc-level-4"><a 
class="toc-link" href="#2017-09-26"><span class="toc-number">26.</span> <span class="toc-text">2017-09-26</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2017-10-27"><span class="toc-number">27.</span> <span class="toc-text">2017-10-27</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2017-12-30"><span class="toc-number">28.</span> <span class="toc-text">2017-12-30</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2018-2-14"><span class="toc-number">29.</span> <span class="toc-text">2018-2-14</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2018-2-28"><span class="toc-number">30.</span> <span class="toc-text">2018-2-28</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2018-4-29"><span class="toc-number">31.</span> <span class="toc-text">2018-4-29</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2018-6-9"><span class="toc-number">32.</span> <span class="toc-text">2018-6-9</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2018-8-13"><span class="toc-number">33.</span> <span class="toc-text">2018-8-13</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2018-11-10"><span class="toc-number">34.</span> <span class="toc-text">2018-11-10</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2018-11-26"><span class="toc-number">35.</span> <span class="toc-text">2018-11-26</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2018-12-2"><span class="toc-number">36.</span> <span class="toc-text">2018-12-2</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2018-12-6"><span class="toc-number">37.</span> <span class="toc-text">2018-12-6</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2018-12-21"><span class="toc-number">38.</span> <span class="toc-text">2018-12-21</span></a></li><li 
class="toc-item toc-level-4"><a class="toc-link" href="#2018-12-25"><span class="toc-number">39.</span> <span class="toc-text">2018-12-25</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2018-12-28"><span class="toc-number">40.</span> <span class="toc-text">2018-12-28</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2018-12-31"><span class="toc-number">41.</span> <span class="toc-text">2018-12-31</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2019-2-1"><span class="toc-number">42.</span> <span class="toc-text">2019-2-1</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2019-2-3"><span class="toc-number">43.</span> <span class="toc-text">2019-2-3</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2019-4-27"><span class="toc-number">44.</span> <span class="toc-text">2019-4-27</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2019-5-19"><span class="toc-number">45.</span> <span class="toc-text">2019-5-19</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2019-8-7"><span class="toc-number">46.</span> <span class="toc-text">2019-8-7</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2019-11-17"><span class="toc-number">47.</span> <span class="toc-text">2019-11-17</span></a></li></ol>
</div>
<!-- Toggle for the article table of contents. The inline script that follows relabels it
     between 隐藏目录 / 显示目录 on click and hides it entirely when no .toc list is present. -->
<input type="button" id="tocButton" value="隐藏目录"  title="点击按钮隐藏或者显示文章目录">

<!-- jQuery 1.9.1 is fetched from a third-party host with no integrity attribute, and the
     same URL is included again further down the page. Anything served from that URL runs
     with full control of this page, so pin it (integrity="sha384-<DIGEST_OF_PINNED_FILE>"
     crossorigin="anonymous") or self-host the file. -->
<script src="https://7.url.cn/edu/jslib/comb/require-2.1.6,jquery-1.9.1.min.js"></script>
<script>
    // Button labels for the table-of-contents toggle. Declared with top-level `var` on
    // purpose: the post-list script further down reads valueHide as a global.
    var valueHide = "隐藏目录";
    var valueShow = "显示目录";

    var $tocButton = $("#tocButton");

    // When the whole left column starts out hidden, show the "display" label.
    // NOTE(review): this tests .left-col rather than #toc, so the label can disagree with
    // the TOC's own visibility — confirm which element was intended.
    if ($(".left-col").is(":hidden")) {
        $tocButton.attr("value", valueShow);
    }

    // Each click slides the TOC in or out and relabels the button to match the new state.
    $tocButton.click(function () {
        var $toc = $("#toc");
        var tocHidden = $toc.is(":hidden");
        $tocButton.attr("value", tocHidden ? valueHide : valueShow);
        if (tocHidden) {
            $toc.slideDown(320);
        } else {
            $toc.slideUp(350);
        }
    });

    // A post without headings renders no .toc list: hide the container and the button.
    if ($(".toc").length < 1) {
        $("#toc, #tocButton").hide();
    }
</script>





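<!-- Baidu share buttons. The anchors have no text content, and the tooltip script near the
     bottom of the page strips every a[title] of its title attribute on load, so each link
     carries an explicit aria-label to keep an accessible name. href="#" and the bds_* /
     data-cmd hooks are left as-is because the share widget presumably binds to them. -->
<div class="bdsharebuttonbox">
	<a href="#" class="fx fa-weibo bds_tsina" data-cmd="tsina" title="分享到新浪微博" aria-label="分享到新浪微博"></a>
	<a href="#" class="fx fa-weixin bds_weixin" data-cmd="weixin" title="分享到微信" aria-label="分享到微信"></a>
	<a href="#" class="fx fa-qq bds_sqq" data-cmd="sqq" title="分享到QQ好友" aria-label="分享到QQ好友"></a>
	<a href="#" class="fx fa-facebook-official bds_fbook" data-cmd="fbook" title="分享到Facebook" aria-label="分享到Facebook"></a>
	<a href="#" class="fx fa-twitter bds_twi" data-cmd="twi" title="分享到Twitter" aria-label="分享到Twitter"></a>
	<a href="#" class="fx fa-linkedin bds_linkedin" data-cmd="linkedin" title="分享到linkedin" aria-label="分享到linkedin"></a>
	<a href="#" class="fx fa-files-o bds_copy" data-cmd="copy" title="分享到复制网址" aria-label="分享到复制网址"></a>
</div>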
<script>
    // Configuration read by the Baidu share widget once share.js has loaded.
    window._bd_share_config = {"common":{"bdSnsKey":{},"bdText":"","bdMini":"2","bdMiniList":false,"bdPic":"","bdStyle":"2","bdSize":"24"},"share":{}};

    // Inject the share script from this origin. The query string appends an integer that
    // changes once per hour (36e5 ms), which acts as a coarse cache-buster.
    (function (doc) {
        var parent = doc.getElementsByTagName('head')[0] || doc.body;
        var loader = parent.appendChild(doc.createElement('script'));
        loader.src = '/static/api/js/share.js?v=89860593.js?cdnversion=' + ~(-new Date() / 36e5);
    })(document);
</script>




    
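        <section id="comments">
  <div id="disqus_thread"></div>
    <script>
    /* * * CONFIGURATION VARIABLES: EDIT BEFORE PASTING INTO YOUR WEBPAGE * * */
    var disqus_shortname = 'o0xmuhe'; // required: replace example with your forum shortname

    /* * * DON'T EDIT BELOW THIS LINE * * */
    (function() {
      var dsq = document.createElement('script'); dsq.async = true;
      // Always load the embed over https. A protocol-relative URL inherits the page's
      // scheme, so on a plain-http page the third-party script would be fetched over
      // http and could be tampered with in transit.
      dsq.src = 'https://' + disqus_shortname + '.disqus.com/embed.js';
      (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq);
    })();
  </script>
  <noscript>Please enable JavaScript to view the <a href="https://disqus.com/?ref_noscript" target="_blank" rel="noopener">comments powered by Disqus.</a></noscript>
</section>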
    



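    <div class="scroll" id="post-nav-button">
        <!-- Previous/next post links plus the post-list toggle. All three are icon-only and
             the tooltip script near the bottom of the page removes their title attributes on
             load, so aria-label carries the accessible name. The toggle has no href and is
             driven by a click handler elsewhere; tabindex makes it reachable by keyboard,
             and Enter/Space activation has to be wired by the script that binds the click. -->
            <a href="/2017/01/30/Linux%20socket%E8%BF%9B%E7%A8%8B%E9%97%B4%E9%80%9A%E4%BF%A1%E5%8F%8A%E5%BA%94%E7%94%A8/" title="上一篇: Linux socket进程间通信及应用" aria-label="上一篇: Linux socket进程间通信及应用">
                <i class="fa fa-angle-left" aria-hidden="true"></i>
            </a>
        <a title="文章列表" aria-label="文章列表" role="button" tabindex="0"><i class="fa fa-bars" aria-hidden="true"></i><i class="fa fa-times" aria-hidden="true"></i></a>
            <a href="/2017/01/22/Have-fun-with-Blind-ROP/" title="下一篇: Have fun with Blind ROP" aria-label="下一篇: Have fun with Blind ROP">
                <i class="fa fa-angle-right" aria-hidden="true"></i>
            </a>
    </div>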
    <ul class="post-list"><li class="post-list-item"><a class="post-list-link" href="/2019/11/15/frida-gum%E4%BB%A3%E7%A0%81%E9%98%85%E8%AF%BB/">frida-gum代码阅读笔记</a></li><li class="post-list-item"><a class="post-list-link" href="/2019/10/24/Linux-Kernel-%E7%BC%96%E8%AF%91%E8%B8%A9%E5%9D%91/">Linux Kernel 编译踩坑</a></li><li class="post-list-item"><a class="post-list-link" href="/2019/10/17/Debug-macOS-Kernel/">Debug macOS Kernel</a></li><li class="post-list-item"><a class="post-list-link" href="/2019/09/26/Snell-auto-install-cript/">Snell auto install cript</a></li><li class="post-list-item"><a class="post-list-link" href="/2019/09/20/macOS-IPC-Study-basic-2/">macOS IPC Study Notes</a></li><li class="post-list-item"><a class="post-list-link" href="/2019/09/09/Uninitialised-Objective-C-Pointer-Vulnerability-Analysis-CVE-2018-4196/">Uninitialised Objective-C Pointer Vulnerability Analysis (CVE-2018-4196)</a></li><li class="post-list-item"><a class="post-list-link" href="/2019/09/02/CVE-2019-8604-analysis/">CVE-2019-8604 analysis</a></li><li class="post-list-item"><a class="post-list-link" href="/2019/08/22/Bindiff5-0-Could-not-create-file-handler-fix/">Bindiff5.0 Could not create file handler fix</a></li><li class="post-list-item"><a class="post-list-link" href="/2019/08/20/macOS-IPC-Study-basic/">macOS IPC Study basic</a></li><li class="post-list-item"><a class="post-list-link" href="/2019/08/14/Adobe-Acrobat-Reader-getUIPerms-setUIPerms-Unicode-String-Out-of-bound-Read/">Adobe Acrobat Reader getUIPerms/setUIPerms  Unicode String Out-of-bound Read</a></li><li class="post-list-item"><a class="post-list-link" href="/2019/08/10/Apple-IPC-DO-Basic/">Apple IPC : DO Basic</a></li><li class="post-list-item"><a class="post-list-link" href="/2019/07/16/Adobe-Acrobat-DC-Pro-touchup-UaF/">Adobe Acrobat DC Pro touchup UaF</a></li><li class="post-list-item"><a class="post-list-link" href="/2019/07/09/IDA%E8%87%AA%E5%8A%A8%E5%8C%96%E5%88%86%E6%9E%90/">IDA自动化分析</a></li><li 
class="post-list-item"><a class="post-list-link" href="/2019/06/19/CVE-2017-2541-XGetWindowMovementGroup-stackoverflow/">CVE-2017-2541 __XGetWindowMovementGroup stackoverflow</a></li><li class="post-list-item"><a class="post-list-link" href="/2019/06/19/CVE-2017-2540-XGetConnectionPSN-info-leak/">CVE-2017-2540 _XGetConnectionPSN info leak</a></li><li class="post-list-item"><a class="post-list-link" href="/2019/06/14/find-macOS-service-and-it-s-plist-file/">find macOS service and it's plist file</a></li><li class="post-list-item"><a class="post-list-link" href="/2019/05/15/Adobe-Acrobat-DC-Pro-OOB-CVE-2019-7813/">Adobe Acrobat DC Pro OOB(CVE-2019-7813)</a></li><li class="post-list-item"><a class="post-list-link" href="/2019/05/10/macOS-on-ESXi/">macOS on ESXi</a></li><li class="post-list-item"><a class="post-list-link" href="/2019/04/20/CVE-2017-2547-%E5%88%86%E6%9E%90/">CVE-2017-2547 分析</a></li><li class="post-list-item"><a class="post-list-link" href="/2019/04/17/NULL/">NULL</a></li><li class="post-list-item"><a class="post-list-link" href="/2019/04/12/CVE-2019-7125-PoC/">CVE-2019-7125 PoC</a></li><li class="post-list-item"><a class="post-list-link" href="/2019/04/06/CVE-2018-4990-analysis/">CVE-2018-4990 analysis</a></li><li class="post-list-item"><a class="post-list-link" href="/2019/04/06/CVE-2016-4622-analysis/">CVE-2016-4622  analysis</a></li><li class="post-list-item"><a class="post-list-link" href="/2019/03/24/CVE-2017-2536-analysis/">CVE-2017-2536 analysis</a></li><li class="post-list-item"><a class="post-list-link" href="/2019/03/12/CVE-2018-12794-%E5%88%86%E6%9E%90/">CVE-2018-12794 分析</a></li><li class="post-list-item"><a class="post-list-link" href="/2019/01/04/%E4%BD%BF%E7%94%A8Frida%E8%BE%85%E5%8A%A9%E9%80%86%E5%90%91/">使用Frida辅助逆向</a></li><li class="post-list-item"><a class="post-list-link" href="/2018/12/31/Webkit%E7%BC%96%E8%AF%91%E8%B8%A9%E5%9D%91%E8%AE%B0%E5%BD%95/">Webkit编译踩坑记录</a></li><li class="post-list-item"><a class="post-list-link" 
href="/2018/12/25/%E9%80%86%E5%90%91%E5%8D%8F%E4%BD%9C%E4%B9%8BIDA%E6%8F%92%E4%BB%B6IDArling/">逆向协作之IDA插件IDArling</a></li><li class="post-list-item"><a class="post-list-link" href="/2018/12/13/%E7%94%B1CVE-2018-12831%E5%BC%95%E5%8F%91%E7%9A%84%E4%B8%80%E4%BA%9B%E6%80%9D%E8%80%83/">由CVE-2018-12831引发的一些思考</a></li><li class="post-list-item"><a class="post-list-link" href="/2018/11/18/TFC%E6%B8%B8%E8%AE%B0/">TFC游记</a></li><li class="post-list-item"><a class="post-list-link" href="/2018/11/08/Hello-PANDA/">Hello PANDA</a></li><li class="post-list-item"><a class="post-list-link" href="/2018/11/07/UAF-analysis-using-pykd/">UAF analysis : using pykd</a></li><li class="post-list-item"><a class="post-list-link" href="/2018/10/05/%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1%E5%9F%B9%E5%85%BB%E8%AE%A1%E5%88%92/">代码审计培养计划</a></li><li class="post-list-item"><a class="post-list-link" href="/2018/08/13/%E9%A3%9E%E6%89%AC%E5%8E%86%E9%99%A9%E8%AE%B0/">飞扬历险记</a></li><li class="post-list-item"><a class="post-list-link" href="/2018/06/16/linux-code-inject/">linux code inject</a></li><li class="post-list-item"><a class="post-list-link" href="/2018/06/16/%E6%AF%94%E8%B5%9B%E8%BF%90%E7%BB%B4%E6%9D%82%E8%AE%B0/">比赛运维杂记</a></li><li class="post-list-item"><a class="post-list-link" href="/2018/06/09/%E8%AE%BA%E6%96%87%E9%98%85%E8%AF%BB-IFuzzer-An-Evolutionary-Interpreter-Fuzzer-using-Genetic-Programming/">论文阅读<IFuzzer: An Evolutionary Interpreter Fuzzer using Genetic Programming></a></li><li class="post-list-item"><a class="post-list-link" href="/2018/06/03/%E9%81%97%E4%BC%A0%E7%AE%97%E6%B3%95%E5%88%9D%E7%AA%A5/">遗传算法初窥</a></li><li class="post-list-item"><a class="post-list-link" href="/2018/05/29/Antlr4%E5%88%9D%E4%BD%93%E9%AA%8C/">Antlr4初体验</a></li><li class="post-list-item"><a class="post-list-link" href="/2018/04/19/mips%E7%A8%8B%E5%BA%8F%E8%B0%83%E8%AF%95%E7%8E%AF%E5%A2%83%E6%8A%98%E8%85%BE/">mips程序调试环境折腾</a></li><li class="post-list-item"><a class="post-list-link" 
href="/2018/03/14/%E6%8B%AF%E6%95%91macOS-High-sierra%E7%9A%84%E7%A1%AC%E7%9B%98%E7%A9%BA%E9%97%B4/">拯救macOS High sierra的硬盘空间</a></li><li class="post-list-item"><a class="post-list-link" href="/2018/02/16/Symbolic-Execution%E5%AD%A6%E4%B9%A0/">Symbolic Execution学习</a></li><li class="post-list-item"><a class="post-list-link" href="/2018/02/11/LL-LR-SLR-LALR%E5%82%BB%E5%82%BB%E5%88%86%E4%B8%8D%E6%B8%85/">LL LR SLR LALR傻傻分不清</a></li><li class="post-list-item"><a class="post-list-link" href="/2018/01/20/compiler%E5%AD%A6%E4%B9%A0/">compiler学习</a></li><li class="post-list-item"><a class="post-list-link" href="/2018/01/15/Unicorn-Engine%E5%88%9D%E4%BD%93%E9%AA%8C/">Unicorn Engine初体验</a></li><li class="post-list-item"><a class="post-list-link" href="/2018/01/06/flex-bison%E8%AF%BB%E4%B9%A6%E7%AC%94%E8%AE%B0/">flex_bison读书笔记</a></li><li class="post-list-item"><a class="post-list-link" href="/2017/12/30/Python%E6%8C%87%E5%AE%9A%E6%A6%82%E7%8E%87%E8%8E%B7%E5%8F%96%E9%9A%8F%E6%9C%BA%E5%85%83%E7%B4%A0/">Python指定概率获取随机元素</a></li><li class="post-list-item"><a class="post-list-link" href="/2017/10/01/Hello-World%E5%8D%87%E7%BA%A7%E7%89%88/">Hello World升级版</a></li><li class="post-list-item"><a class="post-list-link" href="/2017/07/13/babydriver-writeup/">babydriver writeup</a></li><li class="post-list-item"><a class="post-list-link" href="/2017/07/05/OpenGrok%E6%90%AD%E5%BB%BA/">OpenGrok搭建</a></li><li class="post-list-item"><a class="post-list-link" href="/2017/06/30/%E7%BC%96%E8%AF%91%E5%8E%9F%E7%90%86%E5%AD%A6%E4%B9%A0/">编译原理学习</a></li><li class="post-list-item"><a class="post-list-link" href="/2017/06/28/TrendMicro-CTF-2017-Reverse300/">TrendMicro CTF 2017 Reverse300</a></li><li class="post-list-item"><a class="post-list-link" href="/2017/06/19/Final/">Final</a></li><li class="post-list-item"><a class="post-list-link" 
href="/2017/05/29/pwnhub%E6%9D%AFCUIT%E7%AC%AC%E5%8D%81%E4%B8%89%E5%B1%8A%E6%A0%A1%E8%B5%9Bpwn%E5%87%BA%E9%A2%98%E5%8F%8A%E8%BF%90%E7%BB%B4%E5%BF%83%E5%BE%97/">pwnhub杯CUIT第十三届校赛pwn出题及运维心得</a></li><li class="post-list-item"><a class="post-list-link" href="/2017/05/08/SSCTF-2017%E9%83%A8%E5%88%86Writeup/">SSCTF-2017部分Writeup</a></li><li class="post-list-item"><a class="post-list-link" href="/2017/04/22/360%E6%98%A5%E7%A7%8BCTF-pwn/">360春秋CTF--pwn</a></li><li class="post-list-item"><a class="post-list-link" href="/2017/04/06/Linux-Kernel-Exploit-4-beginners/">Linux Kernel Exploit 4 beginners</a></li><li class="post-list-item"><a class="post-list-link" href="/2017/03/15/NJCTF-2017%E9%83%A8%E5%88%86wp/">NJCTF-2017部分wp</a></li><li class="post-list-item"><a class="post-list-link" href="/2017/03/06/SECCON-2016-jmper/">SECCON-2016 jmper</a></li><li class="post-list-item"><a class="post-list-link" href="/2017/03/04/codegate2017-angrybird/">codegate2017-angrybird</a></li><li class="post-list-item"><a class="post-list-link" href="/2017/02/27/LLVM-Study-Log/">LLVM Study Log</a></li><li class="post-list-item"><a class="post-list-link" href="/2017/02/16/ichunqiu-CTF-2017-2/">ichunqiu-CTF-2017-2</a></li><li class="post-list-item"><a class="post-list-link" href="/2017/02/08/Adding-your-own-syscall-in-linux-kernel/">Adding your own syscall in linux kernel</a></li><li class="post-list-item"><a class="post-list-link" href="/2017/02/04/Windows-Kernel-Exploit-Study-3/">Windows-Kernel-Exploit-Study(3)</a></li><li class="post-list-item"><a class="post-list-link" href="/2017/01/30/Linux%20socket%E8%BF%9B%E7%A8%8B%E9%97%B4%E9%80%9A%E4%BF%A1%E5%8F%8A%E5%BA%94%E7%94%A8/">Linux socket进程间通信及应用</a></li><li class="post-list-item"><a class="post-list-link" href="/2017/01/28/%E9%97%B2%E8%A8%80%E7%A2%8E%E8%AF%AD/">闲言碎语</a></li><li class="post-list-item"><a class="post-list-link" href="/2017/01/22/Have-fun-with-Blind-ROP/">Have fun with Blind ROP</a></li><li class="post-list-item"><a 
class="post-list-link" href="/2017/01/20/Windows-Kernel-Exploit-Study-2/">Windows Kernel Exploit Study(2)</a></li><li class="post-list-item"><a class="post-list-link" href="/2017/01/19/Windows-Kernel-Exploit-Study-1/">Windows Kernel Exploit Study(1)</a></li><li class="post-list-item"><a class="post-list-link" href="/2016/12/24/what-DynELF-does-basically/">what DynELF does basically</a></li><li class="post-list-item"><a class="post-list-link" href="/2016/12/17/fuzzing-with-peach-Just-a-toy/">fuzzing with peach(Just a toy)</a></li><li class="post-list-item"><a class="post-list-link" href="/2016/11/25/PlaidCTF-2016-butterfly/">PlaidCTF 2016 butterfly</a></li><li class="post-list-item"><a class="post-list-link" href="/2016/11/21/Have-fun-with-glibc%E5%86%85%E5%AD%98%E7%AE%A1%E7%90%86/">Have fun with glibc内存管理</a></li><li class="post-list-item"><a class="post-list-link" href="/2016/11/10/linux-%E4%B8%8B%E8%B5%B7shell%E5%A4%B1%E8%B4%A5%E7%9A%84%E5%88%86%E6%9E%90/">linux 下起shell失败的分析</a></li><li class="post-list-item"><a class="post-list-link" href="/2016/11/07/Baiudu%E6%9D%AF-pwn%E4%B8%93%E5%9C%BA%E8%AE%B0%E5%BD%95/">Baiudu杯 pwn专场记录</a></li><li class="post-list-item"><a class="post-list-link" href="/2016/10/29/how-to-compile-WinAFL/">how to compile WinAFL</a></li><li class="post-list-item"><a class="post-list-link" href="/2016/10/25/yocto-writeup/">yocto writeup</a></li><li class="post-list-item"><a class="post-list-link" href="/2016/10/11/HITCON-2016-Quals-SecretHolder/">HITCON-2016-Quals-SecretHolder</a></li><li class="post-list-item"><a class="post-list-link" href="/2016/09/27/BCTF-cloud/">BCTF--cloud</a></li><li class="post-list-item"><a class="post-list-link" href="/2016/09/24/%E4%B8%80%E4%BA%9B%E7%8E%AF%E5%A2%83%E9%85%8D%E7%BD%AE%E9%81%87%E5%88%B0%E7%9A%84%E5%9D%91-%E6%8C%81%E7%BB%AD%E6%9B%B4%E6%96%B0/">一些环境配置遇到的坑(持续更新)</a></li><li class="post-list-item"><a class="post-list-link" 
href="/2016/09/16/Malloc-Maleficarum-%E5%A4%8D%E7%9B%98/">Malloc-Maleficarum-复盘</a></li><li class="post-list-item"><a class="post-list-link" href="/2016/08/26/%E5%88%9D%E8%AF%95winafl/">初试winafl</a></li><li class="post-list-item"><a class="post-list-link" href="/2016/08/14/pwnable-kr-alloca/">pwnable.kr -- alloca</a></li><li class="post-list-item"><a class="post-list-link" href="/2016/08/01/%E7%AE%80%E5%8D%95%E7%9A%84%E5%B0%9D%E8%AF%95angr/">简单的尝试angr</a></li><li class="post-list-item"><a class="post-list-link" href="/2016/06/29/%E7%AC%AC%E4%B8%80%E4%B8%AAandroid-cm%E8%B0%83%E8%AF%95%E5%88%86%E6%9E%90/">第一个android cm调试分析</a></li><li class="post-list-item"><a class="post-list-link" href="/2016/06/29/install-gef/">install gef</a></li><li class="post-list-item"><a class="post-list-link" href="/2016/04/30/cctf-pwn350/">cctf pwn350</a></li><li class="post-list-item"><a class="post-list-link" href="/2016/02/15/heap-vuln-unlink/">heap vuln -- unlink</a></li><li class="post-list-item"><a class="post-list-link" href="/2015/12/02/format-string-with-stack-frame/">format string with stack frame</a></li><li class="post-list-item"><a class="post-list-link" href="/2015/11/16/RCTF-PWN200/">RCTF -- PWN200</a></li><li class="post-list-item"><a class="post-list-link" href="/2015/11/05/dragon/">dragon</a></li></ul>
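    <script src="https://7.url.cn/edu/jslib/comb/require-2.1.6,jquery-1.9.1.min.js"></script>
    <script>
        // Post list ("文章列表") panel: styled like the TOC; its links open in a new tab.
        $(".post-list").addClass("toc-article");
        $(".post-list-item a").attr("target", "_blank");

        // Show/hide the post list, swap the bars/times icons, and fold the TOC and its
        // button away while the list is open.
        function togglePostList() {
            $(".fa-bars, .fa-times").toggle();
            $(".post-list").toggle(300);
            if ($(".toc").length > 0) {
                $("#toc, #tocButton").toggle(200, function () {
                    // valueHide is a global declared by the TOC toggle script; guard so a
                    // page without that script cannot throw inside the animation callback.
                    if ($(".switch-area").is(":visible") && typeof valueHide !== "undefined") {
                        $("#tocButton").attr("value", valueHide);
                    }
                });
            }
        }

        // The toggle is the second link inside #post-nav-button.
        var $postListToggle = $("#post-nav-button > a:nth-child(2)");
        $postListToggle.click(togglePostList);
        // Enter (13) and Space (32) activate the toggle when it is focusable, matching
        // native button behaviour for a link that has no href.
        $postListToggle.keydown(function (event) {
            if (event.which === 13 || event.which === 32) {
                event.preventDefault();
                togglePostList();
            }
        });
    </script>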



    <script>
        
    </script>
</div>
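      <footer id="footer">
    <div class="outer">
        <div id="footer-info">
            <div class="footer-left">
                &copy; 2019 muhe
            </div>
            <div class="footer-right">
                <!-- rel="noopener" on the off-site new-tab links so the opened page gets no
                     window.opener handle back to this document. -->
                <a href="http://hexo.io/" target="_blank" rel="noopener">Hexo</a>  Theme <a href="https://github.com/luuman/hexo-theme-spfk" target="_blank" rel="noopener">spfk</a> by luuman
            </div>
        </div>

            <div class="visit">
                <!-- Visitor counters. The containers start hidden; the busuanzi script loaded
                     near the end of the page is expected to fill in the numbers. -->
                    <span id="busuanzi_container_site_pv" style="display:none">
                        <span id="site-visit">访客数量: 
                            <span id="busuanzi_value_site_uv"></span>
                        </span>
                    </span>

                    <span>, </span>

                    <span id="busuanzi_container_page_pv" style="display:none">
                        <span id="page-visit">本页阅读量: 
                            <span id="busuanzi_value_page_pv"></span>
                        </span>
                    </span>
            </div>

    </div>
</footer>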

    </div>
    <script src="https://7.url.cn/edu/jslib/comb/require-2.1.6,jquery-1.9.1.min.js"></script>
<script src="/js/main.js"></script>

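    <script>
        $(document).ready(function() {
            // Pick one of the numbered backgrounds (presumably bg-1.jpg … bg-24.jpg) at random
            // and apply it to the mobile nav and the left column.
            var backgroundnum = 24;
            // floor(random * N) + 1 is uniform over 1..N. The previous ceil(random * N) form
            // yields 0 (bg-0.jpg) whenever Math.random() returns exactly 0.
            var pick = Math.floor(Math.random() * backgroundnum) + 1;
            var backgroundimg = "url(/background/bg-" + pick + ".jpg)";
            var backgroundCss = {"background-image": backgroundimg, "background-size": "cover", "background-position": "center"};
            $("#mobile-nav").css(backgroundCss);
            $(".left-col").css(backgroundCss);
        })
    </script>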





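<div class="scroll" id="scroll">
    <!-- Floating page-navigation links. They are icon-only, so each carries an aria-label;
         the comments link is hidden by the script below when the page has no #comments. -->
    <a href="#" aria-label="回到顶部"><i class="fa fa-arrow-up" aria-hidden="true"></i></a>
    <a href="#comments" aria-label="跳转到评论"><i class="fa fa-comments-o" aria-hidden="true"></i></a>
    <a href="#footer" aria-label="跳转到页脚"><i class="fa fa-arrow-down" aria-hidden="true"></i></a>
</div>
<script>
    $(document).ready(function() {
        // Without a comments section the middle link would point nowhere; hide it.
        if ($("#comments").length < 1) {
            $("#scroll > a:nth-child(2)").hide();
        }
    })
</script>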

<script async src="https://dn-lbstatics.qbox.me/busuanzi/2.3/busuanzi.pure.mini.js">
</script>

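  <script>
    // Custom tooltip for every link that has a title: the native title is moved into
    // jQuery data (so the browser's own tooltip no longer appears) and a
    // #anchortitlecontainer div is shown above the link while it is hovered.
    $(function() {
        $("a[title]").each(function() {
            var a = $(this);
            var title = a.attr('title');
            if (title == undefined || title == "") return;
            // Dropping the title would leave icon-only links with no accessible name, so
            // mirror it into aria-label unless the link already names itself.
            if (!a.attr('aria-label')) a.attr('aria-label', title);
            a.data('title', title).removeAttr('title').hover(
                function() {
                    var offset = a.offset();
                    // .text() rather than .html(): the title is an attribute value and is
                    // rendered as text, never parsed as markup.
                    $("<div id=\"anchortitlecontainer\"></div>").appendTo($("body")).text(title).css({
                        top: offset.top - a.outerHeight() - 15,
                        left: offset.left + a.outerWidth() / 2 + 1
                    }).fadeIn(function() {
                        var pop = $(this);
                        // Auto-dismiss after roughly 0.8 s per character of tooltip text.
                        setTimeout(function() {
                            pop.remove();
                        }, pop.text().length * 800);
                    });
                },
                function() {
                    $("#anchortitlecontainer").remove();
                });
        });
    });
</script>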


  </div>
</body>
</html>